7/9/13 HMG Accreditation RHUL – Distance Learning Summer School 2 of 14

Systems Accreditation

Systems Accreditation is the process by which risks to HMG systems are formally expressed, and mitigations are developed, implemented and assessed, to ensure that the resultant residual risk is acceptable to the business.

The primary output of the accreditation process is an RMADS.

Example BIL Table

Copied from IAS1 v3.6 part 1 Appendix A – Business Impact Level Tables

| | BIL0 | BIL3 | BIL5 | BIL6 |
| Impact on life and safety | None | Risk to an individual’s personal safety or liberty | Threaten life directly leading to limited loss of life | Lead directly to widespread loss of life |
| Impact on political stability | None | Minor loss of confidence in UK Government | Threaten directly the internal political stability of the UK or friendly countries | Collapse of internal political stability of the UK or friendly countries |

Key Accreditation Stakeholders

Accreditor
  – Responsible for impartial review and acceptance of the RMADS
PGA – Pan Government Accreditor
  – Accreditor for systems or services which are shared across government (e.g. GSi)
ITSO – IT Security Officer
  – Individual charged with oversight of IT security within the government department
SIRO – Senior Information Risk Owner
  – Board member responsible for the Information Risk
IAO – Information Asset Owner
  – Individual who fully understands what information is held and how it is used
CLAS – CESG Listed Advisor
  – Responsible for accreditation and policy advice
CESG
  – The National Technical Authority for IA advice and guidance